Basically don't use queues named "foo_in" and "foo_out", just use a single name "foo", defined with "queue foo on $tdcif" and "queue foo on $sirif". See the list archives for more; this has come up several times.
On 2011/02/11 02:25, Mikkel C. Simonsen wrote:
> I have attempted to setup a router/firewall with traffic shaping. The
> traffic passes through just fine, but all through the bulk queues
> (checked using systat queues).
>
> The system runs OpenBSD 4.8 (GENERIC). I have included the complete
> config file below.
>
> tdcif is the internet connection, and sirif is the internal /28
> network. The config is a combination of the pf.conf of the old
> system, and some bits found in the man-page and through web searches.
> I guess some small typo is in there somewhere, but where? I hope
> somebody has time to spot the error(s)...
>
> The goal is to get "space" for some VOIP traffic, and to make sure
> that no single function (mail, http etc.) uses all the bandwidth.
>
> Best regards,
>
> Mikkel C. Simonsen
>
>
> sirif="fxp0"
> tdcif="fxp1"
>
> table <web> const {1.2.3.171, 1.2.3.164}
> table <post> const {1.2.3.165, 1.2.3.168}
> table <sirocco> const {1.2.3.172}
> table <sir> const {1.2.3.160/28}
> table <dns> const {1.2.3.170, 1.2.3.164}
> table <dina> const {1.2.3.162}
>
> altq on $tdcif hfsc bandwidth 10.5Mb queue { voip_out, dns_out,
> bulk_out, web_out, mail_out }
>
> queue voip_out bandwidth 5% priority 7 qlimit 500 hfsc (realtime 5%)
> queue dns_out bandwidth 5% priority 6 qlimit 500 hfsc (realtime 5%)
> queue bulk_out bandwidth 25% priority 4 qlimit 500 hfsc (upperlimit
> 50% default)
> queue web_out bandwidth 40% priority 5 qlimit 500 hfsc (realtime 30%)
> queue mail_out bandwidth 25% priority 3 qlimit 500 hfsc (upperlimit 50%)
>
>
> altq on $sirif hfsc bandwidth 13.5Mb queue { voip_in, dns_in,
> bulk_in, web_in, mail_in }
>
> queue voip_in bandwidth 4% priority 7 qlimit 500 hfsc (realtime 4%)
> queue dns_in bandwidth 5% priority 6 qlimit 500 hfsc (realtime 5%)
> queue bulk_in bandwidth 30% priority 4 qlimit 500 hfsc (upperlimit
> 50% default)
> queue web_in bandwidth 20% priority 5 qlimit 500 hfsc (realtime 15%)
> queue mail_in bandwidth 41% priority 3 qlimit 500 hfsc (upperlimit 50%)
>
> set skip on lo
> set skip on rl0
>
> pass in quick on $tdcif proto tcp from 2.105.54.144/29 to any port
> telnet queue bulk_in
>
> block in quick on $tdcif proto tcp to <web> port smtp
> block in quick on $tdcif proto tcp to <sirocco> port 500
> block in quick on $tdcif proto tcp to <post> port 275
> block in quick on $tdcif proto tcp to any port telnet
> block in quick on $tdcif proto tcp to any port 717
> block in quick on $tdcif proto tcp from 89.104.217.210 to 1.2.3.165
> port smtp
>
> pass in quick on $tdcif proto udp from any to <dina> queue voip_in
> pass in quick on $tdcif proto { tcp, udp } from any to <dns> port
> domain queue dns_in
> pass in quick on $tdcif proto tcp from any to <web> port {80, 443}
> queue web_in
> pass in quick on $tdcif proto tcp from any to <post> queue mail_in
>
> pass in quick queue bulk_in
>
> pass out quick on $sirif proto udp from <dina> to any queue voip_out
> pass out quick on $sirif proto tcp from <web> to any queue web_out
> pass out quick on $sirif from <dns> to any queue dns_out
> pass out quick on $sirif proto tcp from <mail> to any queue mail_out
>
> pass out quick queue bulk_out